Jump to content

C0NFUS3D

Active Members
  • Posts

    22
  • Joined

  • Last visited

Contact Methods

  • AIM
    m3bik
  • Website URL
    https://github.com/c0nfused

Profile Information

  • Gender
    Male

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

C0NFUS3D's Achievements

Newbie

Newbie (1/14)

  1. Have a few episodes I need to catch up on

  2. I know the Mark V's are now on sale, but where can I find the battery packs for the Mark IV? I mean, what is recommended for this application? The HAK SHOP no longer carries them. :(
  3. The new reaver pro looks promising, but the hardware appears to be similar to the wifi pineapple. This is not a big deal, but doesn't this also mean, we can maybe hack the pineapple to do this too? I mean, maybe not using both features at the same time, but something like you have an option for Reaver or Jasager at boot? Just a thought at this time, but hmmmm...
  4. I've received several alerts about one of my production servers... It was sending thousands of spam email. I figured someone got the account password, so I changed them all.... but then it was still happening. I found a rogue php file in the root directory of one of the websites... It could have [possibly] been put their by some kind of injection or with the account password like I thought originally. Not sure, but check it out! --- edit ---- the code wrappers were messing up here
  5. For what it was, I thought it was an interesting movie. I know the hacks weren't actually real (I mean, this is a movie after all), but for a lower budget movie, I think it did what it was supposed to do.
  6. I've read many negative articles and discussions about the generalization of hackers and their "malicious activities." I've also seen the hackers that take offense to this because not all hackers are black hat or "doing bad things." So I'm here to ask about the good things you've done.. Have you had any positive experiences because of who you are / what you do? Do you remember Myspace.com? One of the big things were that people wanted to track who was visiting their profile. I had created a very simple hit counter called MyTrackerSpace.com that tracked IPs and cookies. It didn't show you the actual person that viewed your profile, but it gave you the time, date, and IP address of that person (the IP address was linked to ip2location.com so the end user also could see the location of the visitor). It also helped break down the stats by day, week, etc- Myspace only gave you an "overall" view count. It was a side project, never really advertised, and all of that..but it had a few thousand registered members. While I did earn ad revenue from the website, it really only covered it's own expenses. But I got this email one day: 07/15/2009 "Hi, I wanted to thank you for your site. Last October (2008) My son ran away from home. After one month of not being able to find him, I came across your site and used it in Myspace profile. I then sent My son messages hoping that he would log into his. I was able to tempt him to click onto my profile to look at photos of the family wishing him well and miss u messages. He did, and I was able to trace him 4 hours away in another town. I called the authorities there and they located him within 12 hours. he is now safe and doing well." - A MyTrackerSpace.com User I'm not rich; I live in a small town and I'm still trying to get my feet in the door professionally... I've had some bad & crazy experiences over the years too, but I can honestly say that I have [apparently] made a difference. Please feel free to share your own story if you have one! Just looking for some positive where most people see negative :)
  7. The firmware offered nothing for SSH.. at least nothing I can find. No configuration files, passwords, or anything like that. The official response I got from Value Point is [and I quote]: "There is not any management interface on SSH, it it just used for manufacturing." Seeing as we currently don't have an extra gateway laying around for me to really go any further with this- since it'll apparently be more difficult than I thought, I may have to stop here for the moment. :( Thanks for all your help digip!!
  8. Did I mention how awesome you were yet, digip? :) I used Magic Rescue. sudo magicrescue -r gzip -d ./output/ ./NC3500_1_00_94.bin [/CODE] This resulted in [b]./output/0000000E6800-0.initrd.img[/b] being created, which I then mounted to /mnt/tmp and can now see the entire file system from the firmware. :D
  9. I thought you meant int0x80 but you said int0x0 at first, so i was like, who's that? lol Thanks digip! You're awesome. binwalk shows: binwalk NC3500_1_00_94.bin -v Scan Time: Dec 18, 2012 @ 09:55:45 Magic File: /usr/local/etc/binwalk/magic.binwalk Signatures: 125 Target File: NC3500_1_00_94.bin MD5 Checksum: 85fe894f6720334b33f5ea94b0f2ce6c DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------- 13059 0x3303 LZMA compressed data, properties: 0x80, dictionary size: 1610612736 bytes, uncompressed size: 603979776 bytes 14260 0x37B4 gzip compressed data, from Unix, last modified: Fri Feb 17 11:15:01 2012, max compression 944128 0xE6800 gzip compressed data, was "initrd.img", from Unix, last modified: Fri Feb 17 11:17:57 2012, max compression [/CODE] I then try the next step mentioned, hoping firmware-mod-kit could help, but it appears to not support this type. I do see mention of some gizp compressed data, so maybe I can extract that?? Might be time to learn a hex editor
  10. I won't be back in the office until Tuesday to try a serial connection.. But regarding the firmware: The available firmware I can find is .bin for the older ones and .img for the newer ones. This is definitely my first attempt ever at trying this.. so I am pursuing this option, but looking in to other options in case it does not work out. I haven't had much luck yet.. Here's what I know so far: the FILE command- http://en.wikipedia....i/File_(command) simply outputs that the firmware is a data.file It's not plain text It's not packaged with zip or tar I haven't found a program [yet] that can offer any help deciphering this file.. Will keep searching!
  11. @digip is correct to assume that I am talking about http://www.valuepoin...ers/nc3500.html The default of root/root is for the web gui. That does not work for SSH. and yes, we change from the default username/password, but no, the new information does not work for ssh access either.. Any username and password combination I have available for the web gui does not work for SSH. And yes, I have full root access to the web gui, it's not that my bosses just don't provide me with proper access.. They come out of the box with SSH enabled and answering on port 22.. There are no settings available in the web gui for SSH, and I don't see any mention of it in the documentation.. They do have a serial port, and now that you mention it, I'll see what I can get when I plug in to it.. but even setting them up, we never use this port. It's all web based configuration, right out of the box..
  12. I work for a networking company that sets up and manages public wireless hot spots. We use the same type of gateway for every job because it offers a lot of options that we require. How ever, as with most routers, the interface is very limited. I've built software that monitors and manages these routers from the outside, mainly utilizing CURL in PHP.. but I'm limited to what the router is already capable of doing in it's web based control panel.. I want more. It appears to have a built in SSH server, which if I could get in to, I could build more customized software features INSIDE. The problem is is that the web based control panel username&passwords do not seem to work for the SSH server. I think the SSH server is more for use by the manufacture? Does anyone here know anything more about the value point gateway controllers? Specifically the 3550 & 3560 models?
  13. which is kind of disappointing.. guess I'll be buying the TI board
  14. Well, I had got the white screen shot after several tries and I think I had helped it with part of it... but I did figure out what the problem was. I needed a delay in the beginning of the scripts. After researching and experimenting, I realized that the computer was taking a few seconds to register the Ducky, but I had read the Ducky starts pretty much as soon as it gets power. So I added a slight delay in the beginning to let the computer catch up, and it works great now. :) Thanks
  15. If you'd refer to http://forums.hak5.o...7-key-problems/ I've been having problems with special keys, like the windows key. At first, I thought it was just not working at all, but if you try running the same payload with notepad already open, you'll probably see things are happening.. but if you run it on the desktop or other application, you won't see the words being typed: "notepad.exe" and "Hello World!"
×
×
  • Create New...